Security expert proposes hackers' union

Starlyte 2

A proposal to create an association to represent the interests of hackers and vulnerability researchers is gaining support, a security expert said Wednesday.

The group, which would be geared toward researchers and not software vendors, would provide guidelines on vulnerability disclosures and would lobby against legislation that could stifle security researchers' ability to tinker with software. Nearly three dozen people have pledged financial support to help get the yet-unnamed group started, said Thor Larholm, senior security researcher for PivX Solutions.

"Initially, what has disturbed me was all the special-interest organizations created by vendors for vendors," he said. "We want to do something for security researchers, and it's not just about disclosure policy, but about helping and supporting researchers."

The move, first publicly proposed on Tuesday to a security mailing list, is the latest by hackers and security researchers to fight off corporate public relations and government policies that aim to suppress information about vulnerabilities from the public.

Security researchers and hackers have long worried that companies may succeed in using the controversial Digital Millennium Copyright Act (DMCA) to quell their reports of vulnerabilities in software products. Several companies--including Adobe Systems, Diebold Election Systems, GameSpy, Hewlett-Packard and SunComm Technologies--have used the DMCA to go after amateur and professional researchers who have found flaws in their products.

A criminal case, which resulted in the conviction of a system administrator on a single charge of computer crime, was recently overturned, but only after the researcher involved served out his 16-month sentence.